Technical Discovery: ElastiAlert as a UEBA platform

Problem to solve

Intended users

Further details

Proposal

Evaluate from a technical perspective if ElastiAlert is an appropriate technology choice for us to base our UEBA offering on top of.

• Consider that other groups inside GitLab will be introducing ElasticSearch to clusters.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references